Traffic shaping box, tips.

Discussion in 'Technical' started by Hagforce, Jul 8, 2006.

  1. Hagforce

    Hagforce New Member

    Hello!

    We got a 30mb SDSL connection with 500+ clients behind it.
    Some are using much bandwidth for BitTorrent and other bandwidth-consuming things :rolleyes:

    I've been looking at dedicated traffic shaping boxes, but they come at a high cost.

    Does anybody know if there is any easy-to-manage traffic shaping software for Linux?

    Will a powerful Linux box be enough for this network, or will it just slow everything down?


    Well, if anybody has experience with this, or knows links to how-tos etc., I'm very interested.

    Thank you in advance.
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. opyrt

    opyrt New Member

    SDSL Traffic Shaping

    Hello Hagforce.

    I'm facing the same problem, although on a much smaller scale. I've made a script that really improves the performance on my SDSL link, but I really don't know if this is the right way to do it. I am no iptables guru, I just know that this works for me. Maybe you can use this as a guide on how to set up something similar?

    This is the shell script I run on my Linux-based firewall/router:

    #!/bin/sh

    # Create (or flush) one mangle chain per interface and hook it into
    # POSTROUTING. This flushes every SH<dev>-OUT chain and reuses the
    # DEVICE variable, so it must run once, before any marking rules are added.
    set_ipt () {

        ## Set up base chains for interfaces.

        iptables -t mangle -F POSTROUTING

        for DEVICE in eth0 eth1; do
            # Check if the chain is defined.
            iptables -t mangle -n -L SH${DEVICE}-OUT > /dev/null 2>&1
            if [ $? != 0 ]; then
                # No. Create the chain.
                iptables -t mangle -N SH${DEVICE}-OUT
            else
                # Yes. Empty the chain.
                iptables -t mangle -F SH${DEVICE}-OUT
            fi
            iptables -t mangle -I POSTROUTING -o ${DEVICE} -j SH${DEVICE}-OUT
        done
    }

    ## Bandwidth to limit to.
    ## Should be approx. 10-15% lower than max bandwidth on the link.
    ## (This is in kilobit)

    MAINRATE=1900

    # Prepare the iptables chains once, up front. Calling set_ipt inside the
    # loop below would flush the rules already added for eth0 while handling
    # eth1, and would leave DEVICE set to eth1. Skipped for "stop", as before.
    if [ "$1" != "stop" ]; then set_ipt; fi

    for DEVICE in eth0 eth1; do
        # Set up base queues on the interfaces and change queue length.
        ifconfig $DEVICE txqueuelen 100
        tc qdisc del dev $DEVICE root sfq perturb 10 >/dev/null 2>&1
        tc qdisc del dev $DEVICE root >/dev/null 2>&1

        # If the script was started with the stop parameter,
        # let's stop here. This will result in all traffic
        # shaping being turned off.
        if [ "$1" = "stop" ]; then continue; fi

        # Add HTB root queue discipline. Unmarked traffic goes to class 1:22.
        tc qdisc add dev ${DEVICE} root handle 1: htb default 22

        # Add main limit class.
        tc class add dev ${DEVICE} parent 1: classid 1:1 htb rate ${MAINRATE}kbit

        # Set up classes: each is guaranteed a quarter of the link and may
        # borrow up to the full rate; a lower prio number is served first.
        tc class add dev ${DEVICE} parent 1:1 classid 1:20 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 0
        tc class add dev ${DEVICE} parent 1:1 classid 1:21 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 1
        tc class add dev ${DEVICE} parent 1:1 classid 1:22 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 2
        tc class add dev ${DEVICE} parent 1:1 classid 1:23 htb rate $(($MAINRATE/4))kbit ceil ${MAINRATE}kbit prio 3

        # Queues for each class.
        tc qdisc add dev ${DEVICE} parent 1:20 handle 20: sfq perturb 10
        tc qdisc add dev ${DEVICE} parent 1:21 handle 21: sfq perturb 10
        tc qdisc add dev ${DEVICE} parent 1:22 handle 22: sfq perturb 10
        tc qdisc add dev ${DEVICE} parent 1:23 handle 23: sfq perturb 10

        # Limit traffic to the classes based on tagging from iptables.
        tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
        tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
        tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
        tc filter add dev ${DEVICE} parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23

        # Tag outgoing packets; the mark value selects the class above.
        iptables -t mangle -A SH${DEVICE}-OUT -p tcp -m length --length :64 -j MARK --set-mark 20 # Small packets
        iptables -t mangle -A SH${DEVICE}-OUT -p udp -j MARK --set-mark 20 # UDP packets
        # iptables -t mangle -A SH${DEVICE}-OUT -p icmp -j MARK --set-mark 21 # ICMP packets (ping)
        iptables -t mangle -A SH${DEVICE}-OUT -p tcp --sport 22 -j MARK --set-mark 20 # SSH
        # iptables -t mangle -A SH${DEVICE}-OUT -p tcp --sport 23 -j MARK --set-mark 21 # TELNET
        iptables -t mangle -A SH${DEVICE}-OUT -p tcp --sport 21 -j MARK --set-mark 21 # FTP Control
    done

    ## END ##
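
A way to check that the iptables marks in the script above actually steer traffic into the HTB classes, as an added example that is not part of the original post: it reads `tc -s class show` output and lists leaf classes that have sent no packets. The function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example: list HTB leaf classes that have sent no packets.
# Live use on the router (needs root): tc -s class show dev eth0 | idle_classes

idle_classes() {
    awk '
        # "class htb 1:20 parent 1:1 leaf 20: prio 0 rate ..." starts a class record.
        $1 == "class" && $2 == "htb" {
            id = $3; leaf = 0
            for (i = 4; i <= NF; i++) if ($i == "leaf") leaf = 1
            next
        }
        # "Sent <bytes> bytes <pkts> pkt (...)" carries the counters for that class.
        $1 == "Sent" && leaf {
            if ($4 + 0 == 0) print id
            leaf = 0
        }
    '
}

# Constructed sample (not captured from a real system): every packet fell
# through to the default class 1:22, so no fwmark reached the tc filters.
sample_tc_output() {
    cat <<'EOF'
class htb 1:1 root rate 1900Kbit ceil 1900Kbit burst 1599b cburst 1599b
 Sent 845120 bytes 1040 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 475Kbit ceil 1900Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:21 parent 1:1 leaf 21: prio 1 rate 475Kbit ceil 1900Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:22 parent 1:1 leaf 22: prio 2 rate 475Kbit ceil 1900Kbit burst 1599b cburst 1599b
 Sent 845120 bytes 1040 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:23 parent 1:1 leaf 23: prio 3 rate 475Kbit ceil 1900Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
EOF
}

sample_tc_output | idle_classes
```

Class 1:23 is expected in the list because none of the posted rules sets mark 23. Class 1:20 being idle on an interface that carries UDP or SSH traffic means the marks are not reaching the tc filters.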
     
